+++ /dev/null
-2006 02 12
-Updated WANTED. Added uucp (ha!) and a VERY preliminary version of
-pcanywhere. Improved msnmessenger. It now catches actual conversations
-and not just the logins.
-
-2006 01 22
-Modified dns and unknown so that they do not generate warnings about having
-control characters or nulls in hex.
-Improved dns. Now it matches XXX.XXX.XXX.XXX.in-addr.arpa lookups and IPv6
-queries.
-Added thecircle.
-Updated msnmessenger to handle MSN Messenger 7.5's HTTP encapsulation.
-
-2006 01 17
-Improved msnmessenger pattern slightly. (I don't think it was causing
-any problems, but it wasn't set up to catch connections that only
-specified one version of MSNP. This does _not_ address the possible issue
-currently under discussion on the mailing list.)
-Fixed ares, it had a regexp syntax error.
-
-2006 01 15
-ventrilo ok -> good, skypetoskype good -> marginal.
-Improved gopher (it actually didn't work at all before, like anyone cared :-)).
-Added wiki links to every pattern file.
-Added http-rtsp.
-Improved msn-filetransfer: now should match MSNSLP.
-Updated comments in directconnect.
-
-2006 01 08 17
-Fixed stupid error in ventrilo.
-
-2006 01 08
-Socks marginal -> ok. Added ventrilo.
-
-2005 12 16
-Tweaked "pattern group" metadata. Reserved "networking" for protocols
-that are really nuts and bolts like DNS, DHCP and BGP. Clarified "internet
-standard" (most actually aren't officially IETF standards). Improved ares.
-
-2005 12 14
-Added teamspeak, worldofwarcraft. Added preliminary "pattern group"
-metadata to all of the patterns.
-
-2005 11 20
-Improved xunlei.
-
-2005 11 05
-Added dayofdefeat-source.
-
-2005 09 12
-Improved xunlei, applejuice, http.
-
-2005 09 05
-Added citrix, whois. Added x11 data for testing.
-
-2005 09 03
-irc now allows MIRC color codes. Fixed commented out dns and nntp
-patterns. Added a set of real data to speed testing program.
-Corrected/updated speed ratings of finger, dns, gopher, ftp, smtp. Made
-gnutella faster. Changed tls to ssl; it catches SSLv3 now. Improved
-validcertssl: it's faster and catches more. Added speed comments to
-napster and soulseek.
-
-2005 08 24
-Small improvements to napster (* --> +).
-Added UDP junk to bittorent, but commented out until it's confirmed.
-Added xunlei.
-
-2005 08 10
-Added soulseek. Noted that tsp can overmatch (saw it match soulseek).
-Cleaned up pattern file headers.
-
-2005 08 09
-Added napster. Made dhcp faster.
-
-2005 08 06
-Added "overmatch" to skypeout. Improved gnutella (is much faster and no
-longer attempts to match gnutella web cache HTTP connections).
-
-2005 07 28
-Skypeout was too long, fixed. Added checks in tests for this. Added some
-info to HOWTO. Improved gnutella (picks up limewire wierdness).
-
-2005 07 17
-Changed license to dual GPL/CC, since we're using CC on protocolinfo.org.
-Changed skypeout pattern to the scary long one, because the old one just
-doesn't work. Added battlefield2. Added protocolinfo advertisements.
-
-2005 06 17
-Added freenet pattern. Commented out old pattern in ares. Fixed minor
-typo in edonkey pattern.
-
-2005 06 04
-Improved ares. Added note to ntp.
-
-2005 05 27
-Improved ntp. Tinkered with the documentation.
-
-2005 05 26
-Added doom3 and ntp. \0d --> \x0d in quicktime and msnmessenger. Updated
-commented out version of vnc. Made irc much faster.
-
-2005 05 25
-Improved counterstrike and renamed it counterstrike-source for clarity.
-
-2005 05 23
-Realizing that "\x7c" is treated _exactly_ like "|" (and so forth):
-\x7c --> \| in battlefield1942
-\x2b --> \+ in soribada
-\x2e --> \. in tesla
-Added halflife2-deathmatch.
-
-2005 05 19
-Fixed rar (had the zip pattern by accident). Fixed what I think was a typo
-in finger '$' --> '^'. Added trivial script, test_all.sh, to testing.
-
-2005 05 18
-Updated skype (split into skypeout and skypetoskype), counterstrike and
-flash. gnutella should now match gnutella 2. Added zip, rar and exe.
-Fixed typo: rstp --> rtsp. Tinkered with gopher.
-
-2005 04 29
-Reorganization. No functional changes.
-
-2005 04 26
-Added soribada, ares.
-
-2005 03 13
-Added poco, qq, kugoo, 100bao (all Chinese things I've never heard of...).
-
-2005 02 06
-Added sip. Tweaked "pattern quality" on a number of patterns.
-
-2005 01 29
-Improved ssh, it now matches both v1 and v2.
-
-Improved and tested fasttrack. It was overmatching in some cases, now
-it isn't.
-
-Moved audiogalaxy to extra/ as, from what I can tell, no one uses it (the
-program) anymore.
-
-2005 01 20
-- gnutella now matches UDP Gnutella packets as well as TCP.
-- Removed bearshare and winmx (just use gnutella).
-- Improved jabber.
-- Trivial change to x11.
-- Fixed httpaudio, httpvideo, httpcachehit and httpcachemiss, which were
-all missing a [\x09-\x0d ].
-- Added ssdp.
-- Improved shoutcast. Now matches Icecast too.
-
-2005 01 17
-Fixed http-itunes and battlefield1942 (file names didn't match protocol
-names in file...). Improved yahoo.
-
-2005 01 05
-Added tls.
-
-2004 12 29
-Added xboxlive (or maybe just halo 2?).
-
-2004 12 21
-Obfuscated e-mail addresses and added some credits.
-
-2004 12 08
-Added battlefield1942.
-
-2004 11 28
-Added ^ to h323.
-
-2004 11 22
-Changed a \x18 to a . in h323.
-
-2004 10 29
-Removed "range: bytes=" from openft. This caused false positives.
-Added a cert authority to validcertssl and changed a . to a \.
-
-2004 10 17
-Added subspace and skype (skype pattern could use work).
-
-2004 09 13
-Added http-itunes and shoutcast.
-
-2004 08 19
-Added ciscovpn. Improved irc (it now matches BitchX connections).
-
-2004 07 07
-Added bgp. Added Makefile and spec file.
-
-2004 07 05
-Added msn-filetransfer, zmaap, lpd. Added a program to test for false
-matches. Removed mysql because it has too many false matches.
-
-2004 07 01
-Cleaned up http (had an extraneous line). Added httpaudio, httpvideo,
-httpcachehit and httpcachemiss to extras. Improved quake-halflife,
-bittorrent.
-
-2004 06 27
-Fixed hddtemp. Slight improvements to Yahoo, SMB. Improvements to
-msnmessenger. Added TSP. Small bugfix in timeit.sh
-
-2004 06 01
-RDP fixed. Quicktime added. Added "extra" directory and moved anything that
-was a subset of something else in there.
-
-2004 04 22
-The performance testing program didn't do \xHH escapes. Now it does.
-
-2004 03 24
-Fixed gopher, openft.
-Added goboogy, tesla, hotline.
-Added performance testing program.
-
-2004 02 23
-Improved the speed of dns, aim, directconnect, gnutella, http, imap,
-nntp, ncp, msnmessenger, audiogalaxy, snmp. Still slow are (starting
-with the worst): ssh, fasttrack, validcertssl, aim, nbns, quake-halflife,
-http, openft. All the rest are at least 30 times faster than the fastest
-of these. (With Henry Spencer's regexp implementation, which is what we
-currently use.)
-
-2004 02 17
-Improved HTTP. Fixed and improved gnutella. Added hddtemp.
-
-2004 02 08
-Added MUTE and openFT.
-
-2004 01 06
-Added audiogalaxy. Improved gnutella.
-
-2004 01 02
-Changed quakeworld.pat to quake-halflife.pat . Improved it (still untested,
-though).
-
-Changed kazaa.pat to fasttrack.pat. Improved it.
-
-2003 12 16
-Added H.323. Improved NNTP, Ident, DNS.
-Added "pattern quality" lines to all patterns.
-
-2003 12 11
-Added VNC.
-
-2003 12 09
-Added jpg, gif, flash. Updated file_types/README.
-Made edonkey work and moved it to weakpatterns.
-
-2003 11 29
-Added CVS.
-
-2003 11 23
-Changed directory structure. All patterns are now in subdirectories.
-Made sure that all filenames matched protocol names. Noted patterns
-that require multipacket support. General cleanup.
-
-2003 11 12
-Updated HOWTO to include Netfilter version, etc.
-Added comments regarding what I've learned from ipp2p (thanks to Eicke
-Friedrich)
-Added applejuice, quake1, quakeworld.
-Improved (fixed?) bittorrent.
-
-2003 10 24
-Reverted to single packet ftp pattern. Minor revisions to malware/*
-
-2003 10 08
-Added eDonkey2000 pattern. Added file_type directory (with html, ogg,
-pdf, perl, ps, rpm, tar and rtf). Added malware directory (with Code Red
-and Nimda).
-
-2003 09 26
-I need to remember to include http in all the releases! Sorry about that.
-Added jabber.
-
-2003 09 24
-Added socks, nntp.
-
-2003 09 22
-Releases from here on should only be used with >=0.3.0 of the kernel patch
-Some significant speed improvements (gopher is no longer slow enough to bring
-down the machine when searching large strings) and some small accuracy
-improvements.
-Moved winmx and gopher to weakpatterns.
-Added snmp, snmp-mon and snmp-trap
-
-2003 09 19
-Added Samba, telnet.
-Added weakpatterns directory, which now contains mysql, finger, netbios.
-
-2003 09 18
-Added directconnect.
-
-2003 09 15
-Added biff. Fixed pop3 again. Improved SMTP.
-
-2003 09 14
-Added rlogin.
-
-2003 09 12
-Fixed pop3. Improved HTTP.
-
-2003 09 10
-Added dns, gopher.
-
-2003 09 05
-Improved x11, yahoo. Added bearshare. Changed all patterns to use \xHH
-notation instead of non-printable characters. This release, therefore,
-MUST be used only with version >= 0.2.0 of the kernel patch.
-
-2003 08 28
-Added irc, ident, x11. Made a number of patterns more specific by adding
-a '^' at the beginning of the line. Could have also added some $s at the end
-of lines, but in anticipation of matching across packets, didn't.
-Improved HOWTO.
-
-2003 08 21
-Added counterstrike, live365, pressplay, winmx. Fixed gkrellm.
-Fixed several patterns that used uppercase letters, which can't ever
-match. Will fix the kernel patch soon so that this doesn't matter.
-Got rid of the #s in files like this one. They were annoying.
-Just use "*.pat" in your scripts instead of "*".
-Added pattern writing HOWTO.
-
-2003 08 19
-Fixed ftp. Added gkrellm. Simplified tftp.
-
-2003 08 09
-Fixed dhcp. Added tftp. Improved aim.
-
-2003 08 08
-Updated DHCP pattern. Improved pattern comments, including adding status
-information (i.e. how well they work) for all the patterns. Added
-LICENSE file so it's clear these are released as part of the code of the
-l7-filter project.
-
-2003 07 07
-Added rdp.
-
-2003 06 01
-Added aim, bittorrent, nbns, ncp, dhcp, rstp, ipp, msnmessenger,
-aimwebcontent. Removed mohaa.
-
-2003 05 23
-Added gnucleuslan, validcertssl, counterstrike, gnutella, kazaa, smtp, mohaa.
-
-2003 05 09
-Cleaned up.
-
-2003 05 07
-This is the initial release. Currently we have primitive detection of
-ftp, http, imap, kazaa, pop3, and ssh. Expect future releases to include
-both more patterns and better definitions for the above protocols.